Ccna 2 Rse 6

CCNA 2 RSE 6.
0 Chapter 5 Exam Answers 2018

2019 100%
1. Which statement describes the port speed LED on the
Cisco Catalyst 2960 switch?
 If the LED is green, the port is operating at 100 Mb/s.
 If the LED is off, the port is not operating.
 If the LED is blinking green, the port is operating at 10 Mb/s.
 If the LED is amber, the port is operating at 1000 Mb/s.
Explanation:
The port speed LED indicates that the port speed mode is selected. When selec
colors with different meanings. If the LED is off, the port is operating at 10 Mb/s
operating at 100 Mb/s. If the LED is blinking green, the port is operating at 1000
2. Which command is used to set the BOOT environment

variable that defines where to find the IOS image file
on a switch?
 config-register
 boot system
 boot loader
 confreg
Explanation:
The boot system command is used to set the BOOT environment variable. The
commands are used to set the configuration register. The boot loader command
the flash file system, reinstall the operating system software, and recover from
3. What is a function of the switch boot loader?

 to speed up the boot process
 to provide security for the vulnerable state when the switch
is booting
 to control how much RAM is available to the switch during
the boot process
 to provide an environment to operate in when the switch
operating system cannot be found
Explanation:
The switch boot loader environment is presented when the switch cannot locate
boot loader environment provides a few basic commands that allows a network
operating system or provide an alternate location of the operating system.
4. Which interface is the default location that would

contain the IP address used to manage a 24-port
Ethernet switch?
 VLAN 1
 Fa0/0
 Fa0/1
 interface connected to the default gateway
 VLAN 99
5. A production switch is reloaded and finishes with a
Switch> prompt. What two facts can be determined?
(Choose two.)
 POST occurred normally.
 The boot process was interrupted.
 There is not enough RAM or flash on this router.
 A full version of the Cisco IOS was located and loaded.
 The switch did not locate the Cisco IOS in flash, so it
defaulted to ROM.
6. Which two statements are true about using full-duplex
Fast Ethernet? (Choose two.)
 Performance is improved with bidirectional data flow.
 Latency is reduced because the NIC processes frames faster.
 Nodes operate in full-duplex with unidirectional data flow.
 Performance is improved because the NIC is able to detect
collisions.
 Full-duplex Fast Ethernet offers 100 percent efficiency in
both directions.
7. In which situation would a technician use the show
interfaces switch command?
 to determine if remote access is enabled
 when packets are being dropped from a particular directly
attached host
 when an end device can reach local devices, but not remote
devices
 to determine the MAC address of a directly attached network
device on a particular interface
Explanation:
The show interfaces command is useful to detect media errors, to see if packet
to determine if any runts, giants, CRCs, interface resets, or other errors have oc
to a remote network would likely be caused by a misconfigured default gateway
switch issue. The show mac address-table command shows the MAC address of
8. Refer to the exhibit. A network technician is

troubleshooting connectivity issues in an Ethernet
network with the command show interfaces
fastEthernet 0/0. What conclusion can be drawn based
on the partial output in the exhibit?
CCNA 2 RSE 6.0 Chapter 5 Exam Answers 2018 2019 04
 All hosts on this network communicate in full-duplex mode.

 Some workstations might use an incorrect cabling type to
connect to the network.
 There are collisions in the network that cause frames to
occur that are less than 64 bytes in length.
 A malfunctioning NIC can cause frames to be transmitted
that are longer than the allowed maximum length.
Explanation:
The partial output shows that there are 50 giants (frames longer than the allow
into the network, possibly by a malfunctioning NIC. This conclusion can be draw
collisions, so not all the 50 giants are the result of a collision. Also, because the
that not all hosts are using full-duplex mode (otherwise there would not be any
cabling issues since the CRC error value is 0. There are 0 runts, so the collisions
frames to occur that are shorter than 64 bytes in length .
9. Refer to the exhibit. What media issue might exist on

the link connected to Fa0/1 based on the show
interface command?
 The bandwidth parameter on the interface might be too

high.
 There could be an issue with a faulty NIC.
 There could be too much electrical interference and noise on
the link.
 The cable attaching the host to port Fa0/1 might be too long.
 The interface might be configured as half-duplex.
Explanation:
Escalating CRC errors usually means that the data is being modified during tran
switch. This is often caused by high levels of electromagnetic interference on th
10. If one end of an Ethernet connection is configured

for full duplex and the other end of the connection is
configured for half duplex, where would late collisions
be observed?
 on both ends of the connection
 on the full-duplex end of the connection
 only on serial interfaces
 on the half-duplex end of the connection
Explanation:
Full-duplex communications do not produce collisions. However, collisions often
When a connection has two different duplex configurations, the half-duplex end
Collisions are found on Ethernet networks. Serial interfaces use technologies ot
11. What is one difference between using Telnet or

SSH to connect to a network device for management
purposes?
 Telnet uses UDP as the transport protocol whereas SSH uses
TCP.
 Telnet does not provide authentication whereas SSH
provides authentication.
 Telnet supports a host GUI whereas SSH only supports a
host CLI.
 Telnet sends a username and password in plain text,
whereas SSH encrypts the username and password.
Explanation:
SSH provides security for remote management connections to a network device
for session authentication (username and password) as well as for data transm
and password in plain text, which can be targeted to obtain the username and
Both Telnet and SSH use TCP, support authentication, and connect to hosts in C
12. Refer to the exhibit. The network administrator

wants to configure Switch1 to allow SSH connections
and prohibit Telnet connections. How should the
network administrator change the displayed
configuration to satisfy the requirement?
 Use SSH version 1.

 Reconfigure the RSA key.
 Configure SSH on a different line.
 Modify the transport input command.
13. What is the effect of using the switchport port-
security command?
 enables port security on an interface
 enables port security globally on the switch
 automatically shuts an interface down if applied to a trunk
port
 detects the first MAC address in a frame that comes into a
port and places that MAC address in the MAC address table
Explanation:
Port security cannot be enabled globally. All active switch ports should be manu
port-security command, which allows the administrator to control the number o
access the port. This command does not specify what action will be taken if a v
the process of populating the MAC address table.
14. Where are dynamically learned MAC addresses
stored when sticky learning is enabled with the
switchport port-security mac-address sticky command?
 ROM
 RAM
 NVRAM
 flash
Explanation:
When MAC addresses are automatically learned by using the sticky command o
are added to the running configuration, which is stored in RAM.
15. A network administrator configures the port

security feature on a switch. The security policy
specifies that each access port should allow up to two
MAC addresses. When the maximum number of MAC
addresses is reached, a frame with the unknown
source MAC address is dropped and a notification is
sent to the syslog server. Which security violation
mode should be configured for each access port?
 restrict
 protect
 warning
 shutdown
Explanation:
In port security implementation, an interface can be configured for one of three
Protect – a port security violation causes the interface to drop packets with unk
notification is sent that a security violation has occurred.
Restrict – a port security violation causes the interface to drop packets with unk
send a notification that a security violation has occurred.
Shutdown – a port security violation causes the interface to immediately becom
port LED. No notification is sent that a security violation has occurred.
16. Which two statements are true regarding switch

port security? (Choose two.)
 The three configurable violation modes all log violations via
SNMP.
 Dynamically learned secure MAC addresses are lost when
the switch reboots.
 The three configurable violation modes all require user
intervention to re-enable ports.
 After entering the sticky parameter, only MAC addresses
subsequently learned are converted to secure MAC addresses.
 If fewer than the maximum number of MAC addresses for a
port are configured statically, dynamically learned addresses
are added to CAM until the maximum number is reached.
17. Which action will bring an error-disabled switch
port back to an operational state?
 Remove and reconfigure port security on the interface.
 Issue the switchport mode access command on the
interface.
 Clear the MAC address table on the switch.
 Issue the shutdown and then no shutdown interface
commands.
Explanation:
When a violation occurs on a switch port that is configured for port security with
is put into the err-disabled state. It can be brought back up by shutting down th
no shutdown command.
18. Refer to the exhibit. Port Fa0/2 has already been

configured appropriately. The IP phone and PC work
properly. Which switch configuration would be most
appropriate for port Fa0/2 if the network administrator
has the following goals?No one is allowed to disconnect
the IP phone or the PC and connect some other wired
device.
If a different device is connected, port Fa0/2 is shut
down.
The switch should automatically detect the MAC
address of the IP phone and the PC and add those
addresses to the running configuration.
 SWA(config-if)# switchport port-security

SWA(config-if)# switchport port-security mac-address sticky
 SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security violation restrict
Explanation:
The default mode for a port security violation is to shut down the port so the sw
command is not necessary. The switchport port-security command must be ent
enable port security for the port. Then, additional port security options can be a
19. Refer to the exhibit. What can be determined

about port security from the information that is
shown?
 The port has been shut down.

 The port has two attached devices.
 The port violation mode is the default for any port that has
port security enabled.
 The port has the maximum number of MAC addresses that is
supported by a Layer 2 switch port which is configured for port
security.
Explanation:
The Port Security line simply shows a state of Enabled if the switchport port-sec
has been entered for a particular switch port. If a port security violation had occ
appears such as Secure-shutdown. The maximum number of MAC addresses su
Addresses line is used to show how many MAC addresses can be learned (2 in t
Addresses line shows that only one device has been attached and learned auto
configuration could be used when a port is shared by two cubicle-sharing perso
laptops.
20. Refer to the exhibit. Which event will take place if

there is a port security violation on switch S1 interface
Fa0/1?
 A notification is sent.
 A syslog message is logged.
 Packets with unknown source addresses will be dropped.
 The interface will go into error-disabled state.
Explanation:
Interface FastEthernet 0/1 is configured with the violation mode of protect. If th
FastEthernet 0/1 will drop packets with unknown MAC addresses.
21. Open the PT Activity. Perform the tasks in the activity

instructions and then answer the question.
Which event will take place if there is a port security
violation on switch S1 interface Fa0/1?
 A notification is sent.
 A syslog message is logged.
 Packets with unknown source addresses will be dropped.
 The interface will go into error-disabled state.
Explanation:

22. Match the step to each switch boot sequence

description. (Not all options are used.)
Explanation:
The violation mode can be viewed by issuing the show port-security interface <int
FastEthernet 0/1 is configured with the violation mode of protect. If there is a viola
will drop packets with unknown MAC addresses.
23. Identify the steps needed to configure a switch for

SSH. The answer order does not matter. (Not all options
are used.)
Noted: No order answers in netacad, but in our system you

should order answers like above image.
Explanation:
The steps are:
1. execute POST
2. load the boot loader from ROM
3. CPU register initializations
4. flash file system initialization
5. load the IOS
6. transfer switch control to the IOS
24. Match the link state to the interface and protocol
status. (Not all options are used.)
1. The buffers for packet processing and the running configuration file
are temporarily stored in which type of router memory?
o flash
o NVRAM
o RAM*
o ROM
RAM provides temporary storage for the running IOS, the running configuration
file, the IP routing table, ARP table, and buffers for packet processing. In
contrast, permanent storage of the IOS is provided by flash. NVRAM provides
permanent storage of the startup configuration file, and ROM.provides
permanent storage of the router bootup instructions and a limited IOS.
2. Refer to the exhibit. A company has an internal network of
192.168.10.0/24 for their employee workstations and a DMZ network of
192.168.3.0/24 to host servers. The company uses NAT when inside hosts
connect to outside network. A network administrator issues the show ip
nat translations command to check the NAT configurations. Which one of
source IPv4 addresses is translated by R1 with PAT
o 10.0.0.31
o 192.168.3.5
o 192.168.3.33
o 192.168.10.35*
o 172.16.20.5
3. Refer to the exhibit. This network has two connections to the ISP, one
via router C and one via router B. The serial link between router A and
router C supports EIGRP and is the primary link to the Internet. If the
primary link fails, the administrator needs a floating static route that
avoids recursive route lookups and any potential next-hop issues caused
by the multiaccess nature of the Ethernet segment with router B. What
should the administrator configure?
o Create a static route pointing to Fa0/0 with an AD of 1.

o Create a static route pointing to 10.1.1.1 with an AD of 95.
o Create a static route pointing to 10.1.1.1 with an AD of 1.
o Create a fully specified static route pointing to Fa0/0 with an AD of 1.
o Create a fully specified static route pointing to Fa0/0 with an AD
of 95.*
4. Which type of inter-VLAN communication design requires the
configuration of multiple subinterfaces?
o legacy inter-VLAN routing
o routing for the management VLAN
o router on a stick*
o routing via a multilayer switch
5. After sticky learning of MAC addresses is enabled, what action is
needed to prevent dynamically learned MAC addresses from being lost in
the event that an associated interface goes down?
o Reboot the switch.
o Copy the running configuration to the startup configuration.*
o Shut down the interface then enable it again with the no shutdown
command.
o Configure port security for violation protect mode.
When sticky learning is enabled, dynamically learned MAC addresses are stored
in the running configuration in RAM and will be lost if the switch is rebooted or
an interface goes down. To prevent the loss of learned MAC addresses, an
administrator can save the running configuration into the startup configuration in
NVRAM.
6. A network technician is configuring port security on switches. The
interfaces on the switches are configured in such a way that when a
violation occurs, packets with unknown source addresses are dropped
and no notification is sent. Which violation mode is configured on the
interfaces?
o off
o restrict
o protect*
o shutdown
7. A technician is configuring a switch to allow access both to IP phones
and to PCs on interface Fa0/12. The technician enters the interface
command mls qos trust cos. What is the reason for including that
command?
o It is used in conjuction with STP PortFast to ensure that interface
Fa0/12, in case of a shutdown, regains an “up” state immediately.
o It is used to verify service levels and to ensure that congestion over
serial interfaces is minimized for voice traffic.
o It is used to set the trusted state of an interface to allow
classification of traffic for QoS based on the CoS value of the IP phone.*
o It is used to provide higher categories of security for voice and video
traffic.
The class of service (CoS) value is a number placed inside a field in the 802.1Q
or ISL trunking header and used for prioritizing traffic and providing quality of
service (QoS). The mls qos trust cos command is used when a VoIP phone
attaches to a Cisco switch and QoS is implemented.
8. What is the minimum configuration for a router interface that is
participating in IPv6 routing?
o to have only a link-local IPv6 address*
o to have both a link-local and a global unicast IPv6 address
o to have both an IPv4 and an IPv6 address
o to have a self-generated loopback address
o to have only an automatically generated multicast IPv6 address
With IPv6, a router interface typically has more than one IPv6 address. The
router will at least have a link-local address that can be automatically generated,
but the router commonly has an global unicast address also configured.
9. Refer to the exhibit. Assuming that the routing tables are up to date
and no ARP messages are needed, after a packet leaves H1, how many
times is the L2 header rewritten in the path to H2?
o 1
o 2*
o 3
o 4
o 5
o 6
H1 creates the first Layer 2 header. The R1 router has to examine the
destination IP address to determine how the packet is to be routed. If the packet
is to be routed out another interface, as is the case with R1, the router strips the
current Layer 2 header and attaches a new Layer 2 header. When R2
determines that the packet is to be sent out the LAN interface, R2 removes the
Layer 2 header received from the serial link and attaches a new Ethernet header
before transmitting the packet.
10. What command will enable a router to begin sending messages that
allow it to configure a link-local address without using an IPv6 DHCP
server?
o a static route
o the ipv6 route ::/0 command
o the ipv6 unicast-routing command*
o the ip routing command
To enable IPv6 on a router you must use the ipv6 unicast-routing global
configuration command or use the ipv6 enable interface configuration command.
This is equivalent to entering ip routing to enable IPv4 routing on a router when
it has been turned off. Keep in mind that IPv4 is enabled on a router by default.
IPv6 is not enabled by default.
11. Which switching method provides error-free data transmission?
o fragment-free
o fast-forward
o integrity-checking
o store-and-forward*
12. Which problem is evident if the show ip interface command shows that
the interface is down and the line protocol is down?
o A cable has not been attached to the port.*
o There is an IP address conflict with the configured address on the
interface.
o The no shutdown command has not been issued on the interface.
o An encapsulation mismatch has occurred.
If an interface has not been brought up with the no shutdown command, the
interface status shows administratively down. A duplicate IP address will not
bring an interface down. An encapsulation error is normally found using the
show interfaces command.
13. A company security policy requires that all MAC addressing be
dynamically learned and added to both the MAC address table and the
running configuration on each switch. Which port security configuration
will accomplish this?
o auto secure MAC addresses
o dynamic secure MAC addresses
o static secure MAC addresses
o sticky secure MAC addresses*
With sticky secure MAC addressing, the MAC addresses can be either
dynamically learned or manually configured and then stored in the address table
and added to the running configuration file. In contrast, dynamic secure MAC
addressing provides for dynamically learned MAC addressing that is stored only
in the address table.
14. Refer to the exhibit. A small business uses VLANs 8, 20, 25, and 30 on
two switches that have a trunk link between them. What native VLAN
should be used on the trunk if Cisco best practices are being
implemented?
o 1
o 5*
o 8
o 20
o 25
o 30
Cisco recommends using a VLAN that is not used for anything else for the
native VLAN. The native VLAN should also not be left to the default of VLAN 1.
VLAN 5 is the only VLAN that is not used and not VLAN 1.
15. A network administrator is configuring an ACL with the command
access-list 10 permit 172.16.32.0 0.0.15.255. Which IPv4 address matches
the ACE?
o 172.16.20.2
o 172.16.26.254
o 172.16.45.2*
o 172.16.48.5
With the wildcard mask of 0.0.15.255, the IPv4 addresses that match the ACE
are in the range of 172.16.32.0 to 172.16.47.255.
16. The PT initialization was skipped. You will not be able to view the PT
activity.
Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
Which code is displayed on the web browser?
o Inter-VLANonfigured!
o It works!*
o Welldone!
o Grea
17. Which command is issued in the VTY line configuration mode to apply
a standard ACL that will control Telnet access to a router?
o access-group 11 in
o access-class 11 in*
o access-list 11 in
o access-list 110 in
The access-class 11 in command applies a standard ACL to the VTY lines of a
router to control Telnet and SSH access. The access-group 11 in command
would be issued on a router interface to apply an ACL, and because it applies a
standard ACL, all IP traffic will be filtered, not just Telnet and SSH
communications bound for the VTY lines. The access-list command creates the
access control expressions of an ACL but do not apply the ACl to a router
interface or line.
18. Which series of commands will cause access list 15 to restrict Telnet
access on a router?
o R1(config)# line vty 0 4
R1(config-line)# ip access-group 15 in
o R1(config)# int gi0/0
R1(config-if)# ip access-group 15 in
o R1(config)# line vty 0 4
R1(config-line)# access-class 15 in*
o R1(config)# int gi0/0
R1(config-if)# access-class 15 in
Once an access list to restrict Telnet or SSH access has been created, it is
applied to the vty lines with the access-class command. This will restrict Telnet
or SSH access.
19. Which three statements accurately describe VLAN types? (Choose
three).
o A management VLAN is any VLAN that is configured to access
management features of the switch.*
o A data VLAN is used to carry VLAN management data and user-
generated traffic.
o Voice VLANs are used to support user phone and e-mail traffic on a
network.
o VLAN 1 is always used as the management VLAN.
o After the initial boot of an unconfigured switch, all ports are
members of the default VLAN.*
o An 802.1Q trunk port, with a native VLAN assigned, supports
both tagged and untagged traffic.*
20. A client is using SLAAC to obtain an IPv6 address for its interface.
After an address has been generated and applied to the interface, what
must the client do before it can begin to use this IPv6 address?
o It must send a DHCPv6 INFORMATION-REQUEST message to
request the address of the DNS server.
o It must send an ICMPv6 Router Solicitation message to determine
what default gateway it should use.
o It must send a DHCPv6 REQUEST message to the DHCPv6 server
to request permission to use this address.
o It must send an ICMPv6 Neighbor Solicitation message to
ensure that the address is not already in use on the network.*
Stateless DHCPv6 or stateful DHCPv6 uses a DHCP server, but Stateless
Address Autoconfiguration (SLAAC) does not. A SLAAC client can automatically
generate an address that is based on information from local routers via Router
Advertisement (RA) messages. Once an address has been assigned to an
interface via SLAAC, the client must ensure via Duplicate Address Detection
(DAD) that the address is not already in use. It does this by sending out an
ICMPv6 Neighbor Solicitation message and listening for a response. If a
response is received, then it means that another device is already using this
address.
21. Which DHCP IPv4 message contains the following information?
Destination address: 255.255.255.255
Client IPv4 address: 0.0.0.0
Default gateway address: 0.0.0.0
Subnet mask: 0.0.0.0
o DHCPACK
o DHCPDISCOVER*
o DHCPOFFER
o DHCPREQUEST
A client will first send the DHCPDISCOVER broadcast message to find DHCPv4
servers on the network. This message will have the limited broadcast address,
255.255.255.255, as the destination address. The client IPv4 address, the
default gateway address, and subnet fields will all be 0.0.0.0 because these
have not yet been configured on the client. When the DHCPv4 server receives a
DHCPDISCOVER message, it reserves an available IPv4 address to lease to
the client and sends the unicast DHCPOFFER message to the requesting client.
When the client receives the DHCPOFFER from the server, it sends back a
DHCPREQUEST broadcast message. On receiving the DHCPREQUEST
message, the server replies with a unicast DHCPACK message.
22. A network administrator is implementing DHCPv6 for the company.
The administrator configures a router to send RA messages with M flag as
1 by using the interface command ipv6 nd managed-config-flag. What
effect will this configuration have on the operation of the clients?
o Clients must use the information that is contained in RA messages.
o Clients must use all configuration information that is provided
by a DHCPv6 server.*
o Clients must use the prefix and prefix length that are provided by RA
messages and obtain additional information from a DHCPv6 server.
o Clients must use the prefix and prefix length that are provided by a
DHCPv6 server and generate a random interface ID.
Under stateful DHCPv6 configuration, which is indicated by setting M flag as 1
(through the interface command ipv6 nd managed-config-flag), the dynamic IPv6
address assignments are managed by the DHCPv6 server. Clients must obtain
all configuration information from a DHCPv6 server.
23. Refer to the exhibit. The users on the LAN network of R1 cannot
receive an IPv6 address from the configured stateful DHCPv6 server. What
is missing from the stateful DHCPv6 configuration on router R1?
o The FA0/0 interface is missing the command that informs the

clients to use stateful DHCPv6.*
o IPv6 has not been enabled globally on router R1.
o The DHCPv6 pool has not been bound to the LAN interface.
o The DHCPv6 pool does not match the IPv6 address configured on
interface FA0/0.
When configuring a router interface for stateful DHCPv6, the router must be able
to inform the host PC’s to receive IPv6 addressing from a stateful DHCPv6
server. The interface command is ipv6 nd managed-config-flag
24. Refer to the exhibit. NAT is configured on R1 and R2. The PC is
sending a request to the web server. What IPv4 address is the source IP
address in the packet between R2 and the web server?
o 10.130.5.76
o 209.165.200.245*
o 172.16.1.10
o 203.0.113.5
o 192.0.2.1
o 172.16.1.1
Because the packet is between R2 and the web server, the source IP address is
the inside global address of PC, 209.165.200.245.
25. Refer to the exhibit. R1 is configured for NAT as displayed. What is
wrong with the configuration?
o NAT-POOL2 is not bound to ACL 1.*

o Interface Fa0/0 should be identified as an outside NAT interface.
o The NAT pool is incorrect.
o Access-list 1 is misconfigured.
R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the
command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would
enable the router to check for all interesting traffic and if it matches ACL 1 it
would be translated by use of the addresses in NAT-POOL2.
26. A network engineer is configuring PAT on a router and has issued the
command:
ip nat source list 1 interface serial 0/1/0 overload
Which additional command is required to specify addresses from the

192.168.128.0/18 network as the inside local addresses?
o ip nat inside source list 1 pool INSIDE_NAT_POOL
o access-list 1 permit 192.168.128.0 0.0.127.255
o access-list 1 permit 192.168.128.0 255.255.192.0
o access-list 1 permit 192.168.128.0 0.0.63.255*
o ip nat inside source static 192.168.128.0 209.165.200.254
A standard access list with the appropriate wildcard mask specifies the inside
local addresses to be translated. The ip nat inside source list 1 pool NAT_POOL
command configures NAT to use a pool of outside global addresses, not a
single outside interface address as required. The ip nat inside source static
192.168.128.0 209.165.200.254 command configures one-to-one static NAT,
not PAT as the overload keyword specifies.
27. Refer to the exhibit. If the IP addresses of the default gateway router
and the DNS server are correct, what is the configuration problem?
o The DNS server and the default gateway router should be in the
same subnet.
o The IP address of the default gateway router is not contained in
the excluded address list.*
o The default-router and dns-server commands need to be configured
with subnet masks.
o The IP address of the DNS server is not contained in the excluded
address list.
In this configuration, the excluded address list should include the address that is
assigned to the default gateway router. So the command should be ip dhcp
excluded-address 192.168.10.1 192.168.10.9.
28. Fill in the blank.
In IPv6, all routes are level ___ ultimate routes.Correct Answer: 1*
IPv6 is classless by design, making all routes level 1 ultimate routes by default.
The acronym ___ describes the type of traffic that requires a separate VLAN,
strict QoS requirements, and a one-way overall delay less than 150 ms across
the network. These restrictions help to ensure traffic quality.Correct Answer:
voip*
VoIP traffic tends to have a separate VLAN to ensure that voice quality is
maintained. VoIP traffic requires:
assured bandwidth to ensure voice quality
transmission priority over other types of network traffic
ability to be routed around congested areas on the network
delay of less than 150 ms across the network
30. Refer to the exhibit. A network administrator has just configured
address translation and is verifying the configuration. What three things
can the administrator verify? (Choose three.)
o Address translation is working.*

o Three addresses from the NAT pool are being used by hosts.
o The name of the NAT pool is refCount.
o A standard access list numbered 1 was used as part of the
configuration process.*
o Two types of NAT are enabled.*
o One port on the router is not participating in the address translation.
The show ip nat statistics, show ip nat translations, and debug ip nat commands
are useful in determining if NAT is working and and also useful in
troubleshooting problems that are associated with NAT. NAT is working, as
shown by the hits and misses count. Because there are four misses, a problem
might be evident. The standard access list numbered 1 is being used and the
translation pool is named NAT as evidenced by the last line of the output. Both
static NAT and NAT overload are used as seen in the Total translations line.
31. Which destination do Cisco routers and switches use by default when
sending syslog messages for all severity levels?
o NVRAM
o nearest syslog server
o console*
o RAM
Syslog messages for Cisco routers and switches can be sent to memory, the
console, a tty line, or to a syslog server.
32. Which requirement should be checked before a network administrator
performs an IOS image upgrade on a router?
o The desired IOS image file has been downloaded to the router.
o There is sufficient space in flash memory.*
o The old IOS image file has been deleted.
o The FTP server is operational.
Before an upgrade process starts, the user must make sure that there is
sufficient space in the flash to host the new IOS image file. An old IOS file does
not have to be deleted as long as there is sufficient space available for the new
IOS file. FTP is not supported for the IOS upgrading process. Instead, a TFTP
server is used. The new IOS image should be downloaded and loaded to the
TFTP server.
33. A network administrator configures a router with the command
sequence:
34. R1(config)# boot system tftp://c1900-universalk9-mz.SPA.152-

4.M3.bin
R1(config)# boot system rom
What is the effect of the command sequence?

o The router will load IOS from the TFTP server. If the image fails
to load, it will load the IOS image from ROM.*
o The router will search and load a valid IOS image in the sequence of
flash, TFTP, and ROM.
o The router will copy the IOS image from the TFTP server and then
reboot the system.
o On next reboot, the router will load the IOS image from ROM.
The boot system command is a global configuration command that allows the
user to specify the source for the Cisco IOS Software image to load. In this case,
the router is configured to boot from the IOS image that is stored on the TFTP
server and will use the ROMmon imagethat is located in the ROM if it fails to
locate the TFTP server or fails to load a valid image from the TFTP server.
35. Which three software packages are available for Cisco IOS Release
15.0?
o Unified Communications*
o DATA*
o Enterprise Services
o Advanced IP Services
o IPVoice
o Security*
Cisco IOS Release 15.0 has four available technology software packages.
IPBase
DATA
Unified Communications
Security
36. What two license states would be expected on a new Cisco router once
the license has been activated? (Choose two.)
o License State: Active, In Use*
o License State: Active, Registered
o License Type: ipbasek9
o License Type: Temporary
o License State: On
o License Type: Permanent*
When the show license command is issued, the following information is a
sample of what would be found once the license has been activated:
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
It is important for a technician to be able to verify an activated IOS 15 license.
37. Which type of static route typically uses the distance parameter in the
ip route global configuration command?
o summary static route
o default static route
o floating static route*
o standard static route
Because a floating static route is not designed to be used as a primary route, its
configuration requires a higher administrative distance than the usual default
value of 1. When set higher than the administrative distance for the current
routing protocol, the distance parameter allows the route to be used only when
the primary route fails. All other forms of static routes have specific uses as
primary routes.
38. Refer to the exhibit. Which type of IPv6 static route is configured in the
exhibit?
o fully specified static route

o recursive static route*
o directly attached static route
o floating static route
The route provided points to another address that must be looked up in the
routing table. This makes the route a recursive static route.
39. Refer to the exhibit. Which route was configured as a static route to a
specific network using the next-hop address?
o C 192.168.2.0/24 is directly connected, Serial0/0/0

o S 0.0.0.0/0 [1/0] via 192.168.2.2
o S 10.0.2.0/24 [1/0] via 192.168.2.2*
o S 10.0.2.0/24 is directly connected, Serial 0/0/0
The C in a routing table indicates an interface that is up and has an IP address
assigned. The S in a routing table signifies that a route was installed using the ip
route command. Two of the routing table entries shown are static routes to a
specific destination (the 10.0.2.0 network). The entry that has the S denoting a
static route and [1/0] was configured using the next-hop address. The other
entry (S 10.0.2.0/24 is directly connected, Serial 0/0/0) is a static route
configured using the exit interface. The entry with the 0.0.0.0 route is a default
static route which is used to send packets to any destination network that is not
specifically listed in the routing table.
40. A network administrator has entered the following command:
ip route 192.168.10.64 255.255.255.192 serial0/0/1
When the network administrator enters the command show ip route, the
route is not in the routing table. What should the administrator do next?
o Re-enter the command using a network number rather than a usable
IP address.
o Verify that the serial 0/0/1 interface is active and available.*
o Re-enter the command using the correct mask.
o Verify that the 192.168.10.64 network is active within the network
infrastructure.
The reason that a correctly typed static network would not go into the routing
table is if the exit interface is not available. The 192.168.10.64 is a valid network
number and that route does not have to be “up and up” in order for a static route
to be configured on a remote router.
41. Refer to the exhibit. How did the router obtain the last route that is
shown?
o The ip route command was used.

o The ipv6 route command was used.
o Another router in the same organization provided the default
route by using a dynamic routing protocol.*
o The ip address interface configuration mode command was used in
addition to the network routing protocol configuration mode command.
A default route is presented in EIGRP with an asterisk (*) and the 0.0.0.0/0
entry. The route was learned through EIGRP and the Serial0/0/1 interface on the
router.
42. To enable RIP routing for a specific subnet, the configuration
command network 192.168.5.64 was entered by the network administrator.
What address, if any, appears in the running configuration file to identify
this network?
o 192.168.5.64
o 192.168.5.0*
o 192.168.0.0
o No address is displayed.
RIP is a classful routing protocol, meaning it will automatically convert the
subnet ID that was entered into the classful address of 192.168.5.0 when it is
displayed in the running configuration.
43. Refer to the exhibit. What is the administrative distance value that
indicates the route for R2 to reach the 10.10.0.0/16 network?
o 1*
o 120
o 0
o 2
Router 2 is using a static route to reach network 10.10.0.0 and static routes
have an administrative distance of 1.
44. Refer to the exhibit. Which type of route is 172.16.0.0/16?
o ultimate route
o level 1 parent route*
o child route
o default route
A level 1 parent route displays the classful network address, the number of
subnets, and the number of different subnet masks that the classful address has
been subdivided into. It does not have an exit interface. A child route, ultimate
route, and default route all have exit interfaces that are associated with them.
45. What is the name of the layer in the Cisco borderless switched network
design that would have more switches deployed than other layers in the
network design of a large organization?
o data link
o core
o network access
o access*
o network
Access layer switches provide user access to the network. End user devices,
such as PCs, access points, printers, and copiers, would require a port on a
switch in order to connect to the network. Thus, more switches are needed in
the access layer than are needed in the core and distribution layers.
46. What is a function of the distribution layer?
o high-speed backbone connectivity
o interconnection of large-scale networks in wiring closets*
o network access to the user
o fault isolation
The distribution layer interacts between the access layer and the core by
aggregating access layer connections in wiring closets, providing intelligent
routing and switching, and applying access policies to access the rest of the
network. Fault isolation and high-speed backbone connectivity are the primary
functions of the core layer. The main function of the access layer is to provide
network access to the user.
47. Which network design principle focuses on the capability of on-
demand seamless network expansion in a switched network?
o flexibility
o modularity*
o resiliency
o hierarchical
There are several sound network design principles that should be used when
building design guidelines for a borderless switched network:
Hierarchical – Defines the role of each device at every tier, simplifies
deployment, operation, and management, and reduces fault domains at every
tier
Modularity – Allows seamless network expansion and integrated service
enablement on an on-demand basis
Resiliency – Satisfies user expectations for keeping the network always on
Flexibility – Allows intelligent traffic load sharing by using multiple network
resources simultaneously
48. A lab in a network management software company is configuring a
testing environment to verify the performance of new software with
different network connectivity speeds, including FastEthernet,
GigabitEthernet, and 10 GigabitEthernet, and with copper and fiber optic
connections. Which type of switch should the software company purchase
to perform the tests?
o fixed configuration
o access layer
o modular configuration*
o stackable
A modular configuration switch is used at the distribution and core layers. A
modular configuration switch usually takes 3 rack units or more. Modular
configuration switches offer more flexibility in the types and number of ports as
well as the expansion cards that can be used. A fixed configuration switch tends
to be an access layer switch. Stackable switches are usually access layer
switches that have been cabled together.
49. What two license conditions would be expected on a new Cisco router
once the license has been activated? (Choose two.)
o License Type: Permanent*
o License Type: ipbasek9
o License Type: Temporary
o License State: On
o License State: Active, In Use*
o License State: Active, Registered
When the show license command is issued, the following information is a
sample of what would be found once the license has been activated:
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
It is important for a technician to be able to verify an activated IOS 15 license.
50. In an IPv6 routing table, all routing table entries are classified as which
type of routes?
o level 2 child routes
o level 1 parent routes
o level 1 ultimate routes*
o level 1 network routes
IPv6 is classless by design, making all routes level 1 ultimate routes by default.
51. Which type of traffic requires a separate VLAN, strict QoS
requirements, and a one-way overall delay of less than 150 ms across the
network?
o video
o POP/IMAP
o HTTP
o VoIP*
VoIP traffic tends to have a separate VLAN to ensure that voice quality is
maintained. VoIP traffic requires the following:
• Assured bandwidth to ensure voice quality
• Transmission priority over other types of network traffic
• Ability to be routed around congested areas on the network
• Delay of less than 150 ms across the network
52. What information is added to the switch table from incoming frames?
o destination MAC address and incoming port number
o destination IP address and incoming port number
o source MAC address and incoming port number*
o source IP address and incoming port number
A switch “learns” or builds the MAC address table based on the source MAC
address as a frame comes into the switch. A switch forwards the frame onward
based on the destination MAC address.
53. Which statement correctly describes how a LAN switch forwards
frames that it receives?
o Cut-through frame forwarding ensures that invalid frames are always
dropped.
o Only frames with a broadcast destination address are forwarded out
all active switch ports.
o Frame forwarding decisions are based on MAC address and
port mappings in the CAM table.*
o Unicast frames are always forwarded regardless of the destination
MAC address.
Cut-through frame forwarding reads up to only the first 22 bytes of a frame,
which excludes the frame check sequence and thus invalid frames may be
forwarded. In addition to broadcast frames, frames with a destination MAC
address that is not in the CAM are also flooded out all active ports. Unicast
frames are not always forwarded. Received frames with a destination MAC
address that is associated with the switch port on which it is received are not
forwarded because the destination exists on the network segment connected to
that port..
Older Version
1.
1. How will a router handle static routing differently if Cisco
Express Forwarding is disabled?
 It will not perform recursive lookups.
 Serial point-to-point interfaces will require fully specified static
routes to avoid routing inconsistencies.
 Ethernet multiaccess interfaces will require fully specified
static routes to avoid routing inconsistencies.*
 Static routes that use an exit interface will be unnecessary.
2. Refer to the exhibit. R1 was configured with the static route
command ip route 209.165.200.224 255.255.255.224 S0/0/0 and
consequently users on network 172.16.0.0/16 are unable to reach
resources on the Internet. How should this static route be changed to
allow user traffic from the LAN to reach the Internet?
 Add the next-hop neighbor address of 209.165.200.226.

 Change the exit interface to S0/0/1.
 Change the destination network and mask to 0.0.0.0
0.0.0.0.*
 Add an administrative distance of 254
3. In a routing table which route can never be an ultimate route?
 parent route*
 child route
 level one route
 level two route
4. Refer to the exhibit. In the routing table entry, what is the
administrative distance?
CCNA2 Practice Final v5.03 014

 24
 120*
 2
 12
5. How many classful networks are summarized by the static
summary route ip route 192.168.32.0 255.255.248.0 S0/0/0?
 2
 4
 8*
 16
6. Refer to the exhibit. An administrator is trying to configure PAT
on R1, but PC-A is unable to access the Internet. The administrator tries
to ping a server on the Internet from PC-A and collects the debugs that
are shown in the exhibit. Based on this output, what is most likely the
cause of the problem?
 The address on Fa0/0 should be 64.100.0.1.

 The NAT source access list matches the wrong address
range.
 The inside global address is not on the same subnet as
the ISP.*
 The inside and outside NAT interfaces have been configured
backwards.
7. Refer to the exhibit. A PC at address 10.1.1.45 is unable to
access the Internet. What is the most likely cause of the problem?
 The NAT pool has been exhausted.*

 The wrong netmask was used on the NAT pool.
 Access-list 1 has not been configured properly.
 The inside and outside interfaces have been configured
backwards.
8. What is a disadvantage when both sides of a communication
use PAT?
 Host IPv4 addressing is complicated.
 End-to-end IPv4 traceability is lost.*
 The flexibility of connections to the Internet is reduced.
 The security of the communication is negatively impacted.
With the use of NAT, especially PAT, end-to-end traceability is lost. This is
because the host IP address in the packets during a communication is
translated when it leaves and enters the network. With the use of NAT/PAT,
both the flexibility of connections to the Internet and security are actually
enhanced. Host IPv4 addressing is provided by DHCP and not related to
NAT/PAT.
9. A small company has a web server in the office that is
accessible from the Internet. The IP address 192.168.10.15 is assigned to
the web server. The network administrator is configuring the router so
that external clients can access the web server over the Internet. Which
item is required in the NAT configuration?
 an IPv4 address pool
 an ACL to identify the local IPv4 address of the web server
 the keyword overload for the ip nat inside source command
 the ip nat inside source command to link the inside local
and inside global addresses *
10. A college student is studying for the Cisco CCENT certification
and is visualizing extended access lists. Which three keywords could
immediately follow the keywords permit or deny as part of an extended
access list? (Choose three.)
 www
 tcp *
 udp *
 icmp*
 telnet
 ftp
11. What is meant by the term “best match” when applied to the
routing table lookup process?
 network match
 supernet match
 exact match
 longest match *
12. Which three advantages are provided by static routing?
(Choose three.)
 Static routing does not advertise over the network, thus
providing better security.*
 Configuration of static routes is error-free.
 Static routes scale well as the network grows.
 Static routing typically uses less network bandwidth and
fewer CPU operations than dynamic routing does. *
 The path a static route uses to send data is known.*
 No intervention is required to maintain changing route
information.
13. A network administrator is implementing a distance vector
routing protocol between neighbors on the network. In the context of
distance vector protocols, what is a neighbor?
 routers that are reachable over a TCP session
 routers that share a link and use the same routing
protocol*
 routers that reside in the same area
 routers that exchange LSAs
14. Refer to the exhibit. The student on the H1 computer continues
to launch an extended ping with expanded packets at the student on the
H2 computer. The school network administrator wants to stop this
behavior, but still allow both students access to web-based computer
assignments. What would be the best plan for the network
administrator?
 Apply an outbound extended ACL on R1 S0/0/1.

 Apply an outbound standard ACL on R2 S0/0/1.
 Apply an inbound standard ACL on R1 Gi0/0.
 Apply an inbound extended ACL on R2 Gi0/1.
 Apply an inbound extended ACL on R1 Gi0/0.*
15. What is associated with link-state routing protocols?
 low processor overhead
 poison reverse
 routing loops
 split horizon
 shortest-path first calculations*
16. How is the router ID for an OSPFv3 router determined?
 the highest IPv6 address on an active interface
 the lowest MAC address on an active interface
 the highest IPv4 address on an active interface*
 the highest EUI-64 ID on an active interface
17. An administrator attempts to change the router ID on a router
that is running OSPFv3 by changing the IPv4 address on the router
loopback interface. Once the IPv4 address is changed, the administrator
notes that the router ID did not change. What two actions can the
administrator take so that the router will use the new IPv4 address as the
router ID? (Choose two.)
 Shut down and re-enable the loopback interface.
 Reboot the router.*
 Copy the running configuration to NVRAM.
 Clear the IPv6 OSPF process.*
 Disable and re-enable IPv4 routing.
18. Refer to the exhibit. Which would be chosen as the router ID of
R2?
 2001:DB8:CAFE:2::/64
 LLA: FE80::2*
 2001:DB8:CAFE:A001::/64
 The router ID has to be manually configured.
19. Which two pieces of information are required when creating a
standard access control list? (Choose two.)
 destination address and wildcard mask
 source address and wildcard mask*
 subnet mask and wildcard mask
 access list number between 100 and 199
 access list number between 1 and 99*
20. Which two keywords can be used in an access control list to
replace a wildcard mask or address and wildcard mask pair? (Choose
two.)
 most
 host*
 all
 any*
 some
 gt
21. What is the effect of the access control list wildcard mask
0.0.0.15? (Choose two.)
 The first 28 bits of a supplied IP address will be ignored.
 The last four bits of a supplied IP address will be
ignored.*
 The first 32 bits of a supplied IP address will be matched.
 The first 28 bits of a supplied IP address will be matched.*
 The last five bits of a supplied IP address will be ignored.
 The last four bits of a supplied IP address will be matched.
22. An administrator created and applied an outbound Telnet
extended ACL on a router to prevent router-initiated Telnet sessions.
What is a consequence of this configuration?
 The ACL will not work as desired because an outbound
ACL cannot block router-initiated traffic.*
 The ACL will work as desired as long as it is applied to the
correct interface.
 The ACL will not work because only standard ACLs can be
applied to vty lines.
 The ACL will work as long as it will be applied to all vty lines.
23. A network administrator is testing IPv6 connectivity to a web
server. The network administrator does not want any other host to
connect to the web server except for the one test computer. Which type
of IPv6 ACL could be used for this situation?
 only a standard ACL
 a standard or extended ACL
 only an extended ACL
 an extended, named, or numbered ACL
 only a named ACL *
24. What does an OSPF area contain?
 routers that share the same router ID
 routers whose SPF trees are identical
 routers that have the same link-state information in their
LSDBs*
 routers that share the same process ID
25. What is the effect of entering the network 192.168.10.1 0.0.0.0
area 0 command in router configuration mode?
 The interface with the IPv4 address 192.168.10.1 will be a
passive interface.
 OSPF advertisements will include the network on the
interface with the IPv4 address 192.168.10.1.*
 This command will have no effect because it uses a quad zero
wildcard mask.
 OSPF advertisements will include the specific IPv4 address
192.168.10.1.
26. What is the order of packet types used by an OSPF router to
establish convergence?
 Hello, LSAck, LSU, LSR, DBD
 LSAck, Hello, DBD, LSU, LSR
 Hello, DBD, LSR, LSU, LSAck*
 LSU, LSAck, Hello, DBD, LSR
27. What best describes the operation of distance vector routing
protocols?
 They use hop count as their only metric.
 They only send out updates when a new network is added.
 They send their routing tables to directly connected
neighbors.*
 They flood the entire network with routing updates.
28. What is an advantage of using dynamic routing protocols
instead of static routing?
 easier to implement
 more secure in controlling routing updates
 fewer router resource overhead requirements
 ability to actively search for new routes if the current path
becomes unavailable*
29. Refer to the exhibit. R1 and R2 are OSPFv3 neighbors. Which
address would R1 use as the next hop for packets that are destined for
the Internet?
 FF02::5
 2001:DB8:ACAD:1::2
 2001:DB8:C5C0:1::2
 FE80::21E:BEFF:FEF4:5538*
30. Refer to the exhibit. What address will be used as the router ID
for the OSPFv3 process?
 1.1.1.1
 10.1.1.1*
 192.168.1.1
 2001:DB8:CAFE:1::1
 2001:DB8:ACAD:1::1
31. Which network design may be recommended for a small
campus site that consists of a single building with a few users?
 a network design where the access and core layers are
collapsed into a single layer
 a collapsed core network design*
 a three-tier campus network design where the access,
distribution, and core are all separate layers, each one with very specific
functions
 a network design where the access and distribution layers are
collapsed into a single layer
32. When does a switch use frame filtering?
 The destination MAC address is for a host on a different
network segment from the source of the traffic.
 The destination MAC address is for a host on the same
network segment as the source of the traffic.*
 The destination MAC address is for a host with no entry in the
MAC address table.
 The destination MAC address is for a host on a network
supported by a different router.
33. Which command will verify the status of both the physical and
the virtual interfaces on a switch?
 show running-config
 show ip interface brief*
 show startup-config
 show vlan
34. Refer to the exhibit. A network administrator is investigating a
lag in network performance and issues the show interfaces fastethernet
0/0 command. Based on the output that is displayed, what two items
should the administrator check next? (Choose two.)
 cable lengths*
 damaged cable termination
 duplex settings*
 electrical interference
 incorrect cable types
35. Which command would be best to use on an unused switch port
if a company adheres to the best practices as recommended by Cisco?
 shutdown*
 ip dhcp snooping
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 switchport port-security mac-address sticky mac-address
36. Which two commands should be implemented to return a Cisco
3560 trunk port to its default configuration? (Choose two.)
 S1(config-if)# no switchport trunk allowed vlan*
 S1(config-if)# no switchport trunk native vlan*
 S1(config-if)# switchport mode dynamic desirable
 S1(config-if)# switchport mode access
 S1(config-if)# switchport access vlan 1
37. Which two methods can be used to provide secure management
access to a Cisco switch? (Choose two.)
 Configure all switch ports to a new VLAN that is not VLAN 1.
 Configure specific ports for management traffic on a
specific VLAN. *
 Configure SSH for remote management.*
 Configure all unused ports to a “black hole.”
 Configure the native VLAN to match the default VLAN.
38. Refer to the exhibit. A network administrator is configuring
inter-VLAN routing on a network. For now, only one VLAN is being used,
but more will be added soon. What is the missing parameter that is
shown as the highlighted question mark in the graphic?
 It identifies the subinterface.

 It identifies the VLAN number.*
 It identifies the native VLAN number.
 It identifies the type of encapsulation that is used.
 It identifies the number of hosts that are allowed on the
interface.
39. Refer to the exhibit. A Layer 3 switch routes for three VLANs
and connects to a router for Internet connectivity. Which two
configurations would be applied to the switch? (Choose two.)
 (config)# interface gigabitethernet 1/1

(config-if)# no switchport
(config-if)# ip address 192.168.1.2 255.255.255.252
 (config)# interface vlan 1
(config-if)# no shutdown
 (config)# interface gigabitethernet1/1
(config-if)# switchport mode trunk
 (config)# interface fastethernet0/4
 (config)# ip routing*
Using router-on-a-stick inter-VLAN routing, how many subinterfaces have to
be configured to support 10 VLANs? 10
41. Refer to the exhibit. Inter-VLAN communication between VLAN
10, VLAN 20, and VLAN 30 is not successful. What is the problem?
 The access interfaces do not have IP addresses and each
should be configured with an IP address.
 The switch interface FastEthernet0/1 is configured as an
access interface and should be configured as a trunk interface.*
 The switch interface FastEthernet0/1 is configured to not
negotiate and should be configured to negotiate.
 The switch interfaces FastEthernet0/2, FastEthernet0/3, and
FastEthernet0/4 are configured to not negotiate and should be configured to
negotiate.
42. When routing a large number of VLANs, what are two
disadvantages of using the router-on-a-stick inter-VLAN routing method
rather than the multilayer switch inter-VLAN routing method? (Choose
two.)
 Multiple SVIs are needed.
 A dedicated router is required.*
 Router-on-a-stick requires subinterfaces to be configured on
the same subnets.
 Router-on-a-stick requires multiple physical interfaces on a
router.
 Multiple subinterfaces may impact the traffic flow speed.*
43. Which two statements are characteristics of routed ports on a
multilayer switch? (Choose two.)
 They are not associated with a particular VLAN.*
 The interface vlan <vlan number> command has to be
entered to create a VLAN on routed ports.
 They support subinterfaces, like interfaces on the Cisco IOS
routers.
 They are used for point-to-multipoint links.
 In a switched network, they are mostly configured
between switches at the core and distribution layers.*
44. Match each borderless network principle to its description. (Not
all options are used.)
 Question
 Answer
45. Fill in the blank. Do not use abbreviations.

The duplex full command configures a switch port to operate in the full-
duplex mode.
46. Launch PT. Hide and Save PT
Open the PT activity. Perform the tasks in the activity instructions and
then answer the question.
To verify that the SVI is configured correctly, answer this question:
Which ping command completed successfully?
 ping 192.168.25.9*
 ping 192.168.25.10
 ping 192.168.25.7
 ping 192.168.25.8
CONFIGURATION
SW0(config)#interface vlan 10
SW0(config-if)#ip address 192.168.63.2 255.255.255.0
SW0(config-if)#exit
SW0(config)#ip default-gateway 192.168.63.1
SW0(config)#end
47. Which command will create a static default route on R1 to send
all traffic to the Internet and use serial 0/0 as the exit interface?
 R1(config)# ip route 255.255.255.255 0.0.0.0 serial 0/0
 R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0*
48. What is a result of connecting two or more switches together?
 The number of collision domains is reduced.
 The size of the broadcast domain is increased.*
 The number of broadcast domains is increased.
 The size of the collision domain is increased.
49. What is meant by the term “best match” when applied to the
routing table lookup process?
 exact match
 longest match*
 network match
 supernet match
50. A router with two LAN interfaces, two WAN interfaces, and one
configured loopback interface is operating with OSPF as its routing
protocol. What does the router OSPF process use to assign the router
ID?
 the highest IP address that is configured on the WAN
interfaces
 the IP address of the interface that is configured with priority 0
 the highest IP address on the LAN interfaces
 the OSPF area ID that is configured on the interface with the
highest IP address
 the loopback interface IP address*
51. Order the DHCP process steps. (Not all options are used.)
Place the options in the following order:

Step 3
– target left blank –
Step 4 *
Step 2 *
Step 1*
52. Refer to the exhibit. Host A has sent a packet to host B. What
will be the source MAC and IP addresses on the packet when it arrives at
host B?
 Source MAC: 00E0.FE10.17A3

Source IP: 10.1.1.10
 Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1
Source IP: 192.168.1.1
Source IP: 10.1.1.10*
 Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1
53. An administrator is trying to remove configurations from a
switch. After using the command erase startup-config and reloading the
switch, the administrator finds that VLANs 10 and 100 still exist on the
switch. Why were these VLANs not removed?
 These VLANs cannot be deleted unless the switch is in VTP
client mode.
 These VLANs are default VLANs that cannot be removed.
 These VLANs can only be removed from the switch by using
the no vlan 10 and no vlan 100 commands.
 Because these VLANs are stored in a file that is called
vlan.dat that is located in flash memory, this file must be manually
deleted.*
54. In which type of attack does a malicious node request all
available IP addresses in the address pool of a DHCP server in order to
prevent legitimate hosts from obtaining network access?
 CAM table overflow
 DHCP snooping
 MAC address flooding
 DHCP starvation*
55. Refer to the exhibit.
A Layer 3 switch routes for three VLANs and connects to a router for
Internet connectivity. Which two configurations would be applied to the
switch? (Choose two.)
 (config)# interface gigabitethernet1/1
(config)# interface fastethernet0/4
 (config)# interface gigabitethernet 1/1
(config-if)# no switchport
(config-if)# ip address 192.168.1.2 255.255.255.252*
 (config)# interface vlan 1
(config-if)# no shutdown
 (config)# ip routing*
56. Which characteristic is unique to EIGRP?
 EIGRP supports classless routing.
 EIGRP supports loop-free autosummarization.
 EIGRP supports both IPv4 and IPv6.
 EIGRP supports unequal-cost load balancing.*
57. Match the router memory type that provides the primary storage
for the router feature. (Not all options are used.)
Place the options in the following order.

— not scored —
full operating system -> flash
limited operating system -> ROM
routing table -> RAM
startup configuration file -> NVRAM
Download PDF File below:*
. How many /30 subnets can be created from one /27

subnet
 2
 4
 6
 8*
A /27 subnet contains 32 IP addresses, and a /30 subnet
contains 4 IP addresses, so eight /30 subnets can be
created from one /27 subnet.
2. What information can be verified through the show ip
dhcp binding command?
 that DHCPv4 discover messages are still being
received by the DHCP server
 the number of IP addresses remaining in the DHCP
pool
 the IPv4 addresses that are assigned to hosts by the
DHCP server*
 the IPv4 addresses that have been excluded from the
DHCPv4 pool
This command displays a list of all IPv4 address to MAC
address bindings that have been provided by the DHCPv4
service.
3. Refer to the exhibit. A network administrator is
reviewing port and VLAN assignments on switch S2 and
notices that interfaces Gi0/1 and Gi0/2 are not included
in the output. Why would the interfaces be missing from
the output
 There is a native VLAN mismatch between the
switches.
 There is no media connected to the interfaces.
 They are administratively shut down.
 They are configured as trunk interfaces*
6.2.2 VLAN Trunks
Interfaces that are configured as trunks do not belong to a
VLAN and therefore will not show in the output of the show
vlan brief commands.
4. Refer to the exhibit. A switch with a default
configuration connects four hosts. The ARP table for host
A is shown. What happens when host A wants to send an
IP packet to host D?
 Host A sends an ARP request to the MAC address of
host D. Host D responds with its IP address.
 Host D sends an ARP request to host A. Host A
responds with its MAC address.
 Host A sends out the packet to the switch. The switch
adds the MAC address for host D to the frame and
forwards it to the network.
 Host A sends out a broadcast of FF:FF:FF:FF:FF:FF.
Every other host connected to the switch receives the
broadcast and host D responds with its MAC address.*
5. Refer to the exhibit. A network administrator needs to
add an ACE to the TRAFFIC-CONTROL ACL that will deny
IP traffic from the subnet 172.23.16.0/20. Which ACE will
meet this requirement?
 5 deny 172.23.16.0 0.0.15.255*

 5 deny 172.23.16.0 0.0.255.255
 15 deny 172.23.16.0 0.0.15.255
 30 deny 172.23.16.0 0.0.15.255
6. Which three layers of the OSI model map to the
application layer of the TCP/IP model? (Choose three.)
 Application*
 Data Link
 Transport
 Session*
 Presentation*
 Network
7. Refer to the exhibit. When a packet arrives on
interface Serial0/0/0 on R1, with a destination IP address
of PC1, which two events occur? (Choose two)
 Router R1 will de-encapsulate the packet and

encapsulate it in a PPP frame.
 Router R1 will forward the packet out Gig0/1.*
 Router R1 will forward the packet out Gig0/0.
 Router R1 will de-encapsulate the packet and
encapsulate it in an Ethernet frame.*
 Router R1 will forward the packet out S0/0/0.
Routing and Switching Essentials
1.1.1 Router Functions
1.2.2 Path Determination
A router will look in the routing table for a destination
network and locate an exit interface to forward a packet to
a destination. After the exit interface is determined, the
router will encapsulate a packet into the correct frame
type.
(PPP) is a data link (layer 2) protocol used to establish a
direct connection between two nodes. (from wikipedia)
8. What is the purpose of the overload keyword in the ip
nat inside source list 1 pool NAT_POOL overload
command?
 It allows many inside hosts to share one or a few
inside global addresses.*
 It allows a pool of inside global addresses to be used
by internal hosts.
 It allows external hosts to initiate sessions with
internal hosts.
 It allows a list of internal hosts to communicate with
a specific group of external hosts.
The primary difference between this configuration and the
configuration for dynamic, one-to-one NAT is that the
overload keyword is used. The overload keyword enables
PAT.
9. What type of installation is needed to view syslog
messages?
 A syslog client must be installed on a workstation.
 Because any network equipment can interpret syslog
messages, nothing special is needed to view them.
 A syslog server must be installed on a router.
 A syslog server must be installed on a workstation.*
The syslog protocol allows networking devices to send
their system messages across the network to syslog
servers.
10. Refer to the exhibit. A network administrator has
added a new subnet to the network and needs hosts on
that subnet to receive IPv4 addresses from the DHCPv4
server.
What two commands will allow hosts on the new subnet
to receive addresses from the DHCP4 server? (Choose
two.)
 R1(config-if)# ip helper-address 10.2.0.250*

 R1(config)# interface G0/1
 R1(config)# interface G0/0*
 R2(config-if)# ip helper-address 10.2.0.250
 R2(config)# interface G0/0
 R1(config-if)# ip helper-address 10.1.0.254
You need the router interface that is connected to the new
subnet and the dhcp server address.
11. Refer to the exhibit. Static NAT is being configured to
allow PC 1 access to the web server on the internal
network. What two addresses are needed in place of A
and B to complete the static NAT configuration? (Choose
two.)
 B = 209.165.201.7
 A = 10.1.0.13*
 B = 10.0.254.5
 B = 209.165.201.1*
 A = 209.165.201.2
12. When creating an IPv6 static route, when must a
next-hop IPv6 address and an exit interface both be
specified
 when CEF is enabled
 when the static route is a default route
 when the next hop is a link-local address*
 when the exit interface is a point-to-point interface
2.2.3 Configure IPv6 Static Routes
Link-local addresses are only unique on a given link, and
the same address could exist out multiple interfaces. For
that reason, any time a static route specifies a link-local
address as the next hop, it must also specify the exit
interface. This is called a fully specified static route.
13. Which address prefix range is reserved for IPv4
multicast?
 224.0.0.0 – 239.255.255.255*
 240.0.0.0 – 254.255.255.255
 169.254.0.0 – 169.25.255.255
 127.0.0.0- 127.255.255.255
14. Refer to the exhibit. What would happen after the IT
administrator enters the new static route?
 The 172.16.1.0 route learned from RIP would be

replaced with the 172.16.1.0 static route.*
 The 172.16.1.0 static route is added to the existing
routes in the routing table.
 The 172.16.1.0 static route would be entered into the
running-config but not shown in the routing table.
 The 0.0.0.0 default route would be replaced with the
172.16.1.0 static route.
A route will be installed in a routing table if there is not
another routing source with a lower administrative
distance. If a route with a lower administrative distance to
the same destination network as a current route is
entered, the route with the lower administrative distance
will replace the route with a higher administrative
distance.
15. What effect does the default-information originate
command have on a Cisco router that is configured for
RIP?
 Any dynamic route that is learned from a neighboring
router will propagate to other adjacent routers.
 Any default static route that is configured on the
router will propagate to other adjacent routers.*
 Any static route that is learned from a neighboring
router will propagate to other adjacent routers.
 Any routes that are learned from a neighboring router
will propagate to other adjacent routers.
16. Which type of IPv6 address refers to any unicast
address that is assigned to multiple hosts?
 Single location
 Any cast*
 Link-local
 Global unicast
The anycast address is a unicast address that is assigned
to multiple hosts. Anycast addresses are usually used to
locate the nearest server of a specifc type–for example,
the nearest DNS or network time server. Assigning the
same unicast address to more than one interface makes it
an anycast address. You can have link-local, unique local,
or global unicast anycast addresses. When you assign an
anycast address to an interface, you must explicitly
identify the address as an anycast address.
17. An administrator wants to replace the configuration
file on a Cisco router by loading a new configuration file
from a TFTP server. What two things does the
administrator need to know before performing this task?
(Choose two.)
 TFTP server IP address*
 name of the configuration file that is currently stored
on the router
 router IP address
 configuration register value
 name of the configuration file that is stored on the
TFTP server*
 The name of the configuration file that is currently
stored on the TFTP server
 The name of the configuration file that is currently
stored on the router
10.3.3 IOS Image Management
In order to identify the exact location of the desired
configuration file, the IP address of the TFTP server and
the name of the configuration file are essential information.
Because the file is a new configuration, the name of the
current configuration file is not necessary.
18. Refer to the exhibit. Inter-VLAN communication
between VLAN 10, VLAN 20, and VLAN 30 is not
successful. What is the problem?
 The switch interface FastEthernet0/1 is configured to

not negotiate and should be configured to negotiate.
 The access interfaces do not have IP addresses and
each should be configured with an IP address.
 The switch interface FastEthernet0/1 is configured
as an access interface and should be configured as a
trunk interface.*
 The switch interfaces FastEthernet0/2,
FastEthernet0/3, and FastEthernet0/4 are configured to
not negotiate and should be configured to negotiate.
6.3.3 Configure Router-on-a-Stick Inter-VLAN Routing
To forward all VLANs to the router, the switch interface
Fa0/1 must be configured as a trunk interface with the
switchport mode trunk command.
19. Which statement describes the Cisco License
Manager?
 It is a free, standalone software application for
deploying Cisco software licenses across the network.*
 It is a web-based portal for getting and registering
individual software licenses.
 It is a centralized TFTP server that enables control of
the number and revision level of Cisco IOS images.
 It is an organized collection of processes and
components used to activate Cisco IOS software feature
sets by obtaining and validating Cisco software licenses.
10.3.4 Software Licensing
Cisco License Manager (CLM) is available as a free
download from the Cisco website and is a standalone
application that helps network administrators deploy
licenses across entire networks.
20. A user sends an HTTP request to a web server on a
remote network. During encapsulation for this request,
what information is added to the address field of a frame
to indicate the destination?
 the MAC address of the default gateway*
 the network domain of the destination host
 the IP address of the default gateway
 the MAC address of the destination host
A frame is encapsulated with source and destination MAC
addresses. The source device will not know the MAC
address of the remote host. An ARP request will be sent by
the source and will be responded to by the router. The
router will respond with the MAC address of its interface,
the one which is connected to the same network as the
source.
21. A network administrator is designing an IPv4
addressing scheme and requires these subnets.
1 subnet of 100 hosts
2 subnets of 80 hosts
Which combination of subnets and masks will provide the
best addressing plan for these requirements
 9 subnets of 126 hosts with a 255.255.255.128 mask
6 subnets of 30 hosts with a 255.255.255.224 mask*
6 subnets of 30 hosts with a 255.255.255.240 mask
 1 subnet of 126 hosts with a 255.255.255.192 mask
IPv4 subnets that require 100 and 80 hosts are provided by
creating subnets of 126 usable addresses, each of which
requires 7 host bits. The resulting mask is
255.255.255.128.
Subnets that require 30 and 20 hosts are provided by
creating subnets of 30 usable addresses, each of which
requires 5 host bits. The resulting mask is
255.255.255.224.
Creating nine subnets, each consisting of 126 usable
addresses, would waste large numbers of addresses in the
six smaller subnets.
22. Refer to the exhibit. How was the host route
2001:DB8:CAFE:4::1/128 installed in the routing table?
 The route was automatically installed when an IP
address was configured on an active interface.
 The route was dynamically created by router R1.
 The route was manually entered by an
administrator.*
 The route was dynamically learned from another
router.
A host route is an IPv6 route with a 128-bit mask. A host
route can be installed in a routing table automatically
when an IP address is configured on a router interface or
manually if a static route is created
23. What are three characteristics of the CSMA/CD
process? (Choose three.)
 The device with the electronic token is the only one
that can transmit after a collision.
 After detecting a collision, hosts can attempt to
resume transmission after a random time delay has
expired.*
 All of the devices on a segment see data that passes
on the network medium.*
 Devices can be configured with a higher transmission
priority.
 A device listens and waits until the media is not
busy before transmitting.*
 A jam signal indicates that the collision has cleared
and the media is not busy.
The Carrier Sense Multiple Access/Collision Detection
(CSMA/CD) process is a contention-based media access
control mechanism used on shared media access
networks, such as Ethernet. When a device needs to
transmit data, it listens and waits until the media is
available (quiet), then it will send data. If two devices
transmit at the same time, a collision will occur. Both
devices will detect the collision on the network. When a
device detects a collision, it will stop the data
transmission process, wait for a random amount of time,
then try again.
24. A network engineer is troubleshooting connectivity
issues among interconnected Cisco routers and switches.
Which command should the engineer use to find the IP
address information, host name, and IOS version of
neighboring network devices?
 show ip route
 show interfaces
 show version
 show cdp neighbors detail*
The show cdp neighbors command provides helpful
information about each CDP neighbor device, including the
following:
Device identifiers – The host name of the neighbor device
(S1)
Port identifier – The name of the local and remote port (Gig
0/1 and Fas 0/5, respectively)
Capabilities list – Whether the device is a router or a
switch (S for switch; I for IGMP is beyond scope for this
course)
Platform – The hardware platform of the device (WS-C2960
for Cisco 2960 switch)
he show cdp neighbors detail command can also provide
information, such as the neighbors’ IOS version and IPv4
address
25. Fill in the blank
When port security is enabled, a switch port uses the
default violation mode of ___shutdown* ___ until
specifically configured to use a different violation mode.
If no violation mode is specified when port security is
enabled on a switch port, then the security violation mode
defaults to shutdown.
5.2.2 Switch Port Security
26. Refer to the exhibit. Which source address is being
used by router R1 for packets being forwarded to the
Internet?
 198.51.100.3
 10.6.15.2
 209.165.200.225*
 209.165.202.141
The inside global address is used as the source address for
packets leaving the network
The source address for packets forwarded by the router to
the Internet will be the inside global address of
209.165.200.225. This is the address that the internal
addresses from the 10.6.15.0 network will be translated to
by NAT.
27. Which feature on a Cisco router permits the
forwarding of traffic for which there is no specific route
 route source
 next-hop
 outgoing interface
 gateway of last resort*
1.2.2 Path Determination
A default static route is used as a gateway of last resort to
forward unknown destination traffic to a next hop/exit
interface. The next-hop or exit interface is the destination
to send traffic to on a network after the traffic is matched
in a router. The route source is the location a route was
learned from.
28. Which three statements characterize UDP (Choose
three.)
 UDP provides sophisticated flow control mechanisms.
 UDP relies on IP for error detection and recovery.
 UDP is a low overhead protocol that does not
provide sequencing or flow control mechanisms.
 UDP provides basic connectionless transport layer
functions.
 UDP relies on application layer protocols for error
detection.
 UDP provides connection-oriented, fast transport of
data at Layer 3.
UDP is a simple protocol that provides the basic transport
layer functions. It has much lower overhead than TCP
because it is not connection-oriented and does not offer
the sophisticated retransmission, sequencing, and flow
control mechanisms that provide reliability.
29. Refer to the exhibit. What will router R1 do with a
packet that has a destination IPv6 address of
2001:db8:cafe:5::1?
 forward the packet out GigabitEthernet0/1

 drop the packet
 forward the packet out Serial0/0/0*
 forward the packet out GigabitEthernet0/0
2.2.4 Configure IPv6 Default Routes
The route ::/0 is the compressed form of the
0000:0000:0000:0000:0000:0000:0000:0000/0 default route.
The default route is used if a more specific route is not
found in the routing table.
30. How will a router handle static routing differently if
Cisco Express Forwarding is disabled
 Static routes that use an exit interface will be
unnecessary.
 Serial point-to-point interfaces will require fully
specified static routes to avoid routing inconsistencies.
 It will not perform recursive lookups.
 Ethernet multiaccess interfaces will require fully
specified static routes to avoid routing
inconsistencies.*
2.2.1 Configure IPv4 Static Routes
In most platforms running IOS 12.0 or later, Cisco Express
Forwarding is enabled by default. Cisco Express
Forwarding eliminates the need for the recursive lookup. If
Cisco Express Forwarding is disabled, multiaccess network
interfaces require fully specified static routes in order to
avoid inconsistencies in their routing tables. Point-to-point
interfaces do not have this problem, because multiple end
points are not present. With or without Cisco Express
Forwarding enabled, using an exit interface when
configuring a static route is a viable option.
31. Refer to the exhibit. A network technician issues the
command show vlan to verify the VLAN configuration.
Based on the output, which port should be assigned with
native VLAN?
 Fa0/12
 Gig0/1
 Fa0/24
 Fa0/20*
32. Which two things should a network administrator
modify on a router to perform password recovery?
(Choose two.)
 the configuration register value*
 the NVRAM file system
 system ROM
 the system image file
 the startup configuration file*
33. What are two reasons why an administrator might
choose to use static routing rather than dynamic
routing? (Choose two.)
 Static routing is more scalable.
 Static routing is easier to maintain in large networks.
 Static routing uses less router processing and
bandwidth.*
 Static routing is more secure.*
 Static routing does not require complete knowledge of
the whole network.
34. An administrator who is troubleshooting connectivity
issues on a switch notices that a switch port configured
for port security is in the err-disabled state. After
verifying the cause of the violation, how should the
administrator re-enable the port without disrupting
network operation?
 Reboot the switch.
 Issue the no switchport port-security violation
shutdown command on the interface.
 Issue the no switchport port-security command, then
re-enable port security.
 Issue the shutdown command followed by the no
shutdown command on the interface.*
To re-enable the port, use the shutdown interface
configuration mode command (Figure 3). Then, use the no
shutdown interface configuration command to make the
port operational.
35. A network administrator has been allocated the IPv4
10.10.240.0/20 block of addresses for a LAN. Two devices
on two different, but contiguous, subnets on the LAN
have been assigned the addresses 10.10.247.1/21 and
10.10.248.10/24, respectively. The administrator has to
create a third subnet from the remaining address range.
To optimize the use of this address space, the new
subnet will follow on directly from the existing subnets.
What is the first available host address in the next
available subnet
 10.10.250.1
 10.10.249.1*
 10.10.248.17
 10.10.255.17
The complete address range of the subnet with the host
10.10.247.1/21 is 10.10.240.0/21 to 10.10.247.255/21. The
complete address range of the subnet that contains the
host 10.10.248.10/24 is 10.10.248.0/24 to 10.10.248.255/24.
This means that the next subnet will have a network
address of 10.10.249.0 with a prefix length between 24 and
30. The first useable host address on this new subnet is
therefore 10.10.249.1.
36. Refer to the exhibit. A ping to PC3 is issued from PC0,
PC1, and PC2 in this exact order. Which MAC addresses
will be contained in the S1 MAC address table that is
associated with the Fa0/1 port?
 PC0, PC1, and PC2 MAC addresses

 just the PC1 MAC address
 just PC0 and PC1 MAC addresses*
Switch S1 builds a MAC address table based on the source
MAC address in the frame and the port upon which the
frame enters the switch. The PC2 MAC address will be
associated with port FA0/2. Because port FA0/1 of switch
S1 connects with another switch, port FA0/1 will receive
frames from multiple different devices. The MAC address
table on switch S1 will therefore contain MAC addresses
associated with each of the sending PCs.
37. Refer to the exhibit. A network administrator issues
the show lldp neighbors command to display information
about neighboring devices. What can be determined
based on the information?
 Device C1 is a switch.*
 Device A1 is connected to the port Fa0/5 on device
B1.
 Device C1 is a switch.
 Device B1 is a WLAN access point.
 Device C1 is connected to device B1 through the port
Fa0/3.
38. Which two devices allow hosts on different VLANs to
communicate with each other (Choose two.)
 Layer 3 switch*
 repeater
 router*
 hub
 Layer 2 switch
6.3.1 Inter-VLAN Routing Operation
Members of different VLANs are on separate networks. For
devices on separate networks to be able to communicate,
a Layer 3 device, such as a router or Layer 3 switch, is
necessary.
39. Refer to the exhibit. Host A sends a data packet to
host B. What will be the addressing information of the
data packet when it reaches host B
A.
B.
C.
D.
Correct Answers: A
40. Data is being sent from a source PC to a destination
server. Which three statements correctly describe the
function of TCP or UDP in this situation (Choose three.)
 TCP is the preferred protocol when a function requires
lower network overhead.
 The source port field identifies the running
application or service that will handle data returning to
the PC.*
 The UDP destination port number identifies the
application or service on the server which will handle
the data.*
 The TCP process running on the PC randomly selects
the destination port when establishing a session with the
server.
 UDP segments are encapsulated within IP packets
for transport across the network.*
 The TCP source port number identifies the sending
host on the network.
Layer 4 port numbers identify the application or service
which will handle the data. The source port number is
added by the sending device and will be the destination
port number when the requested information is returned.
Layer 4 segments are encapsulated within IP packets.
UDP, not TCP, is used when low overhead is needed. A
source IP address, not a TCP source port number, identifies
the sending host on the network. Destination port numbers
are specific ports that a server application or service
monitors for requests.
41. What is defined by the ip nat pool command when
configuring dynamic NAT?
 the pool of global address*
 the range of external IP addresses that internal hosts
are permitted to access
 the pool of available NAT servers
 the range of internal IP addresses that are translated
9.2.2 Configure Dynamic NAT
Dynamic NAT uses a pool of inside global addresses that
are assigned to outgoing sessions. Creating the pool of
inside global addresses is accomplished using the ip nat
pool command.
42. Which address type is not supported by IPv6
 multicast
 private
 unicast
 broadcast*
IPv6 supports unicast, private, and multicast addresses but
does not support Layer 3 broadcasts.
43. What is the purpose of setting the native VLAN
separate from data VLANs?
 The native VLAN is for routers and switches to
exchange their management information, so it should be
different from data VLANs.
 A separate VLAN should be used to carry uncommon
untagged frames to avoid bandwidth contention on
data VLANs.*
 The security of management frames that are carried
in the native VLAN can be enhanced.
 The native VLAN is for carrying VLAN management
traffic only.
6.1.1 Overview of VLANs
When a Cisco switch trunk port receives untagged frames
(unusual in well-designed networks), it forwards these
frames to the native VLAN. When the native VLAN is moved
away from data VLANs, those untagged frames will not
compete for bandwidth in the data VLANs. The native
VLAN is not designed for carrying management traffic, but
rather it is for backward compatibility with legacy LAN
scenarios.
44. Which ACE would permit traffic from hosts only on
the 192.168.8.0/22 subnet?
 permit 192.168.8.0 0.0.3.255*
 permit 192.168.0.0 0.0.15.255
 permit 192.168.8.0 255.255.248.0
 permit 192.168.8.0 0.0.7.255
45. Which two issues might cause excessive runt and
giant frames in an Ethernet network? (Choose two.)
 damaged cable connector
 using the incorrect cable type
 native VLAN mismatch
 a malfunctioning NIC*
 excessive collisions*
 incorrectly configured auto-MDIX feature
5.1.2 Configure Switch Ports
In an Ethernet network, a runt is a frame that is shorter
than 64 bytes and a giant is a frame that is longer than the
maximum allowed length. Both are often caused by NIC
malfunctioning, but can also be caused by excessive
collisions. CRC errors usually indicate a media or cable
error caused by electrical interference, loose or damaged
connections, or using the incorrect cabling type.
46. Refer to the exhibit. Which static route would an IT
technician enter to create a backup route to the
172.16.1.0 network that is only used if the primary RIP
learned route fails?
 ip route 172.16.1.0 255.255.255.0 s0/0/0
 ip route 172.16.1.0 255.255.255.0 s0/0/0 111
 ip route 172.16.1.0 255.255.255.0 s0/0/0 91
 ip route 172.16.1.0 255.255.255.0 s0/0/0 121*
2.2.5 Configure Floating Static Routes
A backup static route is called a floating static route. A
floating static route has an administrative distance greater
than the administrative distance of another static route or
dynamic route.
47. Refer to the exhibit. Which three events will occur as
a result of the configuration shown on R1? (Choose
three.)
 Only traffic that originates from the GigabitEthernet

0/1 interface will be monitored.
 The syslog messages will contain the IP address the
GigabitEthernet 0/1 interface.*
 Messages that are sent to the syslog server will be
limited to levels 3 or lower.*
 Messages that are sent to the syslog server will use
192.168.1.5 as the destination IP address.*
 For multiple occurrences of the same error, only the
first three messages will be sent to the server.
 Messages that are sent to the syslog server will be
limited to levels 3 and higher.
48. Which IPv6 prefix is reserved for communication
between devices on the same link?
 2001::/32
 FC00::/7
 FDFF::/7
 FE80::/10*
fe80::/10 — Addresses in the link-local prefix are only valid
and unique on a single link. Within this prefix only one
subnet is allocated (54 zero bits), yielding an effective
format of fe80::/64. The least significant 64 bits are usually
chosen as the interface hardware address constructed in
modified EUI-64 format. A link-local address is required on
every IPv6-enabled interface—in other words, applications
may rely on the existence of a link-local address even
when there is no IPv6 routing. These addresses are
comparable to the auto-configuration addresses
169.254.0.0/16 of IPv4.
fc00::/7 — Unique local addresses (ULAs) are intended for
local communication. They are routable only within a set of
cooperating sites.[24] The block is split into two halves,
the upper half (fd00::/8) is used for “probabilistically
unique” addresses in which a 40-bit pseudorandom number
is used to obtain a /48 allocation. This means that there is
only a small chance that two sites that wish to merge or
communicate with each other will have conflicting
addresses. No allocation method for the lower half of the
block (fc00::/8) is currently defined. These addresses are
comparable to IPv4 private addresses (10.0.0.0/8,
172.16.0.0/12 and 192.168.0.0/16)
49. Refer to the exhibit. Packets destined to which two
networks will require the router to perform a recursive
lookup? (Choose two.)
 128.107.0.0/16
 192.168.1.0/24
 64.100.0.0/16
 192.168.2.0/24*
 172.16.40.0/24
 10.0.0.0/8*
50. Refer to the exhibit. Routers R1 and R2 are
connected via a serial link. One router is configured as
the NTP master, and the other is an NTP client. Which
two pieces of information can be obtained from the
partial output of the show ntp associations detail
command on R2 (Choose two.)
 Router R1 is the master, and R2 is the client.*

 The IP address of R2 is 192.168.1.2.
 The IP address of R1 is 192.168.1.2.*
 Both routers are configured to use NTPv2.
 Router R2 is the master, and R1 is the client.
10.2.1 NTP
With the show NTP associations command, the IP address
of the NTP master is given.
51. A network technician is configuring port security on a
LAN switch interface. The security policy requires host
MAC addresses to be learned dynamically, stored in the
address table, and saved to the switch running
configuration. Which command does the technician need
to add to the following configuration to implement this
policy?
 Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport portsecurity
 Switch(config-if)# switchport port-security maximum
40
 Switch(config-if)# switchport port-security
macaddress
macaddress sticky*
macaddress 000B.FCFF.E880
52. After a license has been purchased and installed,
what is the next step that is required before it is
activated?
 Copy the running configuration to flash.
 Reboot the router.*
 Issue the license boot module technology-package
command.
 Copy the running configuration to NVRAM.
10.3.5 License Verification and Management
After the license is installed, the device needs to be
reloaded to activate the license.
53.Refer to the exhibit. A technician is programming
switch SW3 to manage voice and data traffic through
port Fa0/20. What, if anything, is wrong with the
configuration?
 There is nothing wrong with the configuration.

 Interface Fa0/20 can only have one VLAN assigned.
 The mls qos trust cos command should reference
VLAN 35.
 The command used to assign the voice VLAN to the
switch port is incorrect.*
54. A network administrator is using the router-on-a-
stick model to configure a switch and a router for inter-
VLAN routing. What configuration should be made on the
switch port that connects to the router
 CConfigure it as a trunk port and allow only untagged
traffic.
 Configure the port as an access port and a member of
VLAN1.
 Configure the port as an 802.1q trunk port.*
 Configure the port as a trunk port and assign it to
VLAN1.
6.3.3 Configure Router-on-a-Stick Inter-VLAN Routing
The port on the switch that connects to the router
interface should be configured as a trunk port. Once it
becomes a trunk port, it does not belong to any particular
VLAN and will forward traffic from various VLANs.
55. On which switch interface would an administrator
configure an IP address so that the switch can be
managed remotely?
 vty 0
 FastEthernet0/1
 VLAN 1*
 console 0
5.1.1 Configure a Switch with Initial Settings
Interface VLAN 1 is a virtual interface on a switch, called
SVI (switch virtual interface). Configuring an IP address on
the default SVI, interface VLAN 1, will allow a switch to be
accessed remotely. The VTY line must also be configured
to allow remote access, but an IP address cannot be
configured on this line
56.
57. The exhibit shows configuration commands from
switch SW3 as follows:
SW3(config)# vlan 35
SW3(config-vlan)# name marketing
SW3(config-vlan)# vlan 150
SW3(config-vlan)# name voice
SW3(config-vlan)# int fa0/20
SW3(config-if)# switchport mode access
SW3(config-if)# switchport access vlan 35
SW3(config-if)# mls qos trust cos
SW3(config-if)# switchport access vlan 150
SW3(config-if)# end
Refer to the exhibit. A technician is programming switch
SW3 to manage voice and data traffic through port
Fa0/20. What, if anything, is wrong with the
configuration?
 The mls qos trust cos command should reference
VLAN 35.
 The command used to assign the voice VLAN to the
switch port is incorrect. *
 Interface Fa0/20 can only have one VLAN assigned.
 There is nothing wrong with the configuration.
Explain: The voice VLAN should be configured with the
switchport voice vlan 150 command. A switch interface
can be configured to support one data VLAN and one voice
VLAN. The mls qos trust cos associates with the interface.
Voice traffic must be trusted so that fields within the voice
packet can be used to classify it for QoS.
58. Which address type is not supported in IPv6?
 unicast
 private
 multicast
 broadcast *

Ccna 2 Rse 6

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ccna 2 Rse 6

Uploaded by

Copyright:

Available Formats

CCNA 2 RSE 6.

0 Chapter 5 Exam Answers 2018

2. Which command is used to set the BOOT environment

3. What is a function of the switch boot loader?

4. Which interface is the default location that would

8. Refer to the exhibit. A network technician is

 All hosts on this network communicate in full-duplex mode.

9. Refer to the exhibit. What media issue might exist on

 The bandwidth parameter on the interface might be too

10. If one end of an Ethernet connection is configured

11. What is one difference between using Telnet or

12. Refer to the exhibit. The network administrator

CCNA 2 RSE 6.0 Chapter 5 Exam Answers 2018 2019 01

 Use SSH version 1.

15. A network administrator configures the port

16. Which two statements are true regarding switch

18. Refer to the exhibit. Port Fa0/2 has already been

CCNA 2 RSE 6.0 Chapter 5 Exam Answers 2018 2019 06

 SWA(config-if)# switchport port-security

19. Refer to the exhibit. What can be determined

CCNA 2 RSE 6.0 Chapter 5 Exam Answers 2018 2019 05

 The port has been shut down.

20. Refer to the exhibit. Which event will take place if

21. Open the PT Activity. Perform the tasks in the activity

22. Match the step to each switch boot sequence

23. Identify the steps needed to configure a switch for

CCNA 2 RSE 6.0 Chapter 5 Exam Answers 2018 2019 002

Noted: No order answers in netacad, but in our system you

o Create a static route pointing to Fa0/0 with an AD of 1.

o The FA0/0 interface is missing the command that informs the

o NAT-POOL2 is not bound to ACL 1.*

ip nat source list 1 interface serial 0/1/0 overload

Which additional command is required to specify addresses from the

o Address translation is working.*

34. R1(config)# boot system tftp://c1900-universalk9-mz.SPA.152-

R1(config)# boot system rom

What is the effect of the command sequence?

o fully specified static route

o C 192.168.2.0/24 is directly connected, Serial0/0/0

ip route 192.168.10.64 255.255.255.192 serial0/0/1

o The ip route command was used.

 Add the next-hop neighbor address of 209.165.200.226.

CCNA2 Practice Final v5.03 014

 The address on Fa0/0 should be 64.100.0.1.

 The NAT pool has been exhausted.*

 Apply an outbound extended ACL on R1 S0/0/1.

 It identifies the subinterface.

 (config)# interface gigabitethernet 1/1

45. Fill in the blank. Do not use abbreviations.

Place the options in the following order:

 Source MAC: 00E0.FE10.17A3

Place the options in the following order.

. How many /30 subnets can be created from one /27

 5 deny 172.23.16.0 0.0.15.255*

 Router R1 will de-encapsulate the packet and

 R1(config-if)# ip helper-address 10.2.0.250*

 The 172.16.1.0 route learned from RIP would be

 The switch interface FastEthernet0/1 is configured to

 forward the packet out GigabitEthernet0/1

 PC0, PC1, and PC2 MAC addresses

 Only traffic that originates from the GigabitEthernet

 Router R1 is the master, and R2 is the client.*